Wes,
Thanks for the quick response. Are you authoritative for AD and, if yes, how
many masters do you have for the AD domain?
We have a single hidden master pair for our AD and core domains and are set for
2 hours. We lost a device and never got alerts for the failure until after
the zones failed. I am looking for some added security to avoid
a failure but still want to make sure changes are propagated efficiently. Is
there another factor that I should be using to define this value? Our refresh
is set for 40 minutes.
Paul
________________________________
From: Wes Zuber <w...@uia.net>
To: Paul Romano <ittec...@yahoo.com>
Cc: "bind-us...@isc.org" <bind-us...@isc.org>
Sent: Saturday, December 1, 2012 3:56 PM
Subject: Re: Expiration TTLs
We go with 1 hour.
--Wes
On Dec 1, 2012, at 12:17 PM, Paul Romano <ittec...@yahoo.com> wrote:
What is a good compromise on zone expiration TTLs? Our DNS is authoritative
for AD DNS and we want to make sure we force records to refresh but do not want
to expose ourselves to the risk of zone failures.
>
>Thanks
>Paul
>
>
> _______________________________________________
>Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe
>from this list
>
>bind-users mailing list
>bind-users@lists.isc.org
>https://lists.isc.org/mailman/listinfo/bind-users
_______________________________________________
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe
from this list
bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users
